In this article, we review the top features of 5 managed SD WAN vendors and discuss the different trade-offs involved with a fully managed service versus the DIY option to WAN management.
Within the UK, Netify clients almost always opted for managed services when procuring Wide Area Network (WAN) services. This is in contrast to our US business where the majority of clients opt for agile network capability via wires only DIY solutions. SD WAN services are offering up somewhat of a dilemma as IT Managers are considering their resources in respect of DIY SD WAN. Does software-based networking mean businesses are positioned to remove the cost of managed services?
“As a companion to this article, choose between our SD WAN vendor assessment quiz or use the full comparison tool. They're both free to use and created for IT teams.”
Visit the SD WAN quick assessment page now, receive instant vendor recommendations. Start the SD WAN vendor quick assessment →
Create your free login to Netify. Start filtering features, comparing vendors side-by-side and view their focus areas. Login to access the comparison tool →
The above two screen captures are taken from the SD WAN quick assessment and the more comprehensive comparison tool which allows users to filter features and conduct their own research. Click on the images to go directly to the tools and benefit from our research.
Who are the top/best 5 Managed SD WAN providers and vendors?
Silver Peak requires careful thought as to which of their partners to use, they only sell their SD WAN service via the channel.
Cato Networks offer full managed SD WAN without the need of a partner.
Aryaka lead their proposition with managed SD WAN.
VeloCloud offer different phases (options) for managed SD WAN customers.
Masergy offer local Internet access with managed SD WAN.
If you have any questions about the vendors listed above, please send me an Email (I'm available to answer any questions across Gartner leading vendors). UK: 01603-273777 US: 209-392-5505
Would you like Netify to continue creating these resources?
While the data on this page is free to use and share, please consider supporting Netify by logging in to the site and making contact with vendors using our tool. Login to access the comparison tool →
What is Silver Peak's Managed SD WAN solution?
Silver Peak offers comprehensive SD WAN features to service most managed Enterprise customers and their networking needs. When reviewing managed WAN, readers should note that Silver Peak do not sell directly to end clients which means selection of their solution as a vendor also requires choosing the right partner.
“Silver Peak managed services requires the right integrator. Netify is able to advise on a number of options depending on requirement.”
The level at which partners are involved with the customer is variable with some offering end to end management and others providing initial professional services configuration as the enabler to DIY and co-managed services.
Silver Peak do not offer built-in SASE security, their preference is to enter partnerships with companies such as Zscaler with API integration into their management portal. If your business is requiring end to end SD WAN with SASE security, you will need to understand how integration occurs to meet the needs of fully managed SD WAN.
Products: Unity EdgeConnect, Unity Orchestrator, Unity Boost.
Notes: HPE has acquired Silver Peak in 2020.
What are the strengths of Silver Peak Managed SD WAN?
- Seriously capable SD WAN features, ideal for Enterprise Software-WAN.
- WAN acceleration.
What are the weaknesses of Silver Peak Managed SD WAN?
- Requires careful thought regarding which partner to buy from as expertise is required.
- No SASE security built-in to the solution.
- No public or private gateway access, views differ as to whether this is indeed as disadvantage.
What is Cato's Managed SD WAN solution?
Cato are one of the only full stack SD WAN vendors offering customers the ability to engage at all levels across DIY, co-managed and fully managed services.
“Cato offer CNaC architecture meaning your IT team does not have to choose between DIY, Co-Managed or Fully Managed services.”
With CATO, simplicity aligned with a broad range of capability means they are a good fit for the majority of organisations. One key benefit for global organisations is their private backbone to help applications transit between countries.
Cato offer an ‘all-in-one’ approach to SD WAN which combines typical features with SASE security (IPS, CASB, Cloud SWG, ATNA, WAAPaaS, FWaaS, RBI, DNS). Cato will also manage the underlay service provider by fielding support calls and working connectivity issues through to resolution.
Products: Cloud Optimisation, WAN Optimisation, NGFW (Next-Generation Firewall), Secure Web Gateway, Advanced Threat Protection, Cloud and Mobile Security.
What are the strengths of Cato's Managed SD WAN?
- Simple to use but with powerful SD WAN features.
- Full SASE security service and remote access options.
- Private backbone connectivity.
- 3rd party tail management for the local WAN connection.
What are the weaknesses of Cato's Managed SD WAN?
- Cato meets the needs of most businesses, more complex requirements may be better suited elsewhere.
- No direct connection to Cloud providers, AWS, Azure, Google Cloud.
- Businesses need to understand whether the Cato PoP locations fit branch-office locations.
What is Aryaka's Managed SD WAN solution?
Aryaka offers a comparative solution to MPLS VPN services by offering customers VPN access into their local Global private based POPs. The Aryaka managed service encompasses connectivity with local loop SLAs based on 99.99% uptime guarantee.
“Aryaka is one of the only providers which provides support for both overlay and underlay with fully managed services.”
The typical SD WAN marketplace solution offers overlay with a set of features, Aryaka offer their purpose built managed underlay network with proprietary TCP proxies to provide improve application performance.
While Aryaka is a strong managed SD WAN contender, readers should note that there is currently no SASE security offering.
Products: Smart Connect (WAN optimisation), Smart CDN (IP and Web app acceleration) and Cloud VPN.
What are the strengths of Aryaka's Managed SD WAN?
- Fully managed, encompassing the purchase of service provider tail circuits.
- Broad set of SD WAN features.
What are the weaknesses of Aryaka's Managed SD WAN?
- No SASE security.
- As with Cato, businesses need to check Aryaka Pops vs locations.
What is VeloCloud's Managed SD WAN solution?
The VeloCloud integrated SD WAN solution offers routing and Firewall functionality together with over 100 cloud gateways which are interconnected vi multiple ISPs to offer the best possible performance. The VeloCloud approach is positioned in the middle of Silver Peak (end to end Internet) and Cato / Aryaka (private backbone).
“VeloCloud is a Gartner leader with 100+ global public gateways.”
The VeloCloud managed SD WAN proposition is typically delivered by integrators and service providers which use their implementation of the VeloCloud orchestrator to deliver service. Businesses will be offered access to VeloCloud as an end to end managed service including service levels.
Products: VMware SD-WAN Gateways, a cloud-based VMware SD-WAN Orchestrator and a branch platform, VMware SD-WAN Edge.
What are the strengths of VeloCloud's Managed SD WAN?
What are the weaknesses of VeloCloud's Managed SD WAN?
- Recently announced SASE
What is Masergy's SD WAN solution?
The history of Masergy surrounds one of the finest core MPLS networks provisioned between the worlds global financial locations offering excellent application support. Their managed SD WAN proposition is based around the Fortinet and Silver Peak appliances and NFV installations - Silver Peak can be sold as stand-alone appliances. Masergy are also recognised for the unified communications service offering, contact centre and managed security solutions.
“One of the finest global networks with support for SD WAN and SASE managed services.”
An ideal option for businesses considering using the service provider model to deliver SD WAN with end to end billing of both the underlay and the overlay.
Products: SD-WAN with Threat Monitoring and Response, Managed xG, Secure Wi-Fi, Secure Managed Switch, Managed CASB.
What are the strengths of Masergy's Managed SD WAN?
- Highest NPS of almost any service provider in the industry.
- Excellent backbone, recognised for global performance.
- Masergy have implemented early SD WAN technology for many years.
What are the weaknesses of Masergy's Managed SD WAN?
- They do not own the complete technology stack - i.e. partners are required to deliver the solution.
- The Masergy backbone is suited to metro locations.
What SD WAN managed service options are typically included?
- An IP based overlay network using encryption and authentication technology end to end.
- Independence from the underlay network, i.e. select your best fit ISP, MPLS or VPLS provider.
- Assurance of network performance across SD WAN tunnels.
- Packet forwarding based on the application.
- Uptime high availability using multiple WAN connection circuits.
- Per-session or per-packet based forwarding via configured policy.
- Automation of configuration via zero-touch managed SD WAN deployment, orchestration and centralised management.
- Consolidation of features including SASE security, WAN optimisation, NGFW Security, path selection for Cloud apps.
- Diversity using support for multiple WAN connectivity links such as Ethernet, Broadband, 4G and 5G to avoid downtime and packet loss.
- Moving toward an SD WAN as a Service consumption model.
- Sourcing of hybrid WAN services is available from selected vendors.
- Support for traditional WAN services such as MPLS VPN connectivity.
Over time, the service provider sector is trending toward consumption models, similar to cloud-based applications, where IT infrastructure technologies are purchased and maintained as a service.
This is in contrast to the traditional model where you buy the equipment and other resources up front and have access to all of their licensed capabilities in perpetuity.
The great appeal of the SD WAN solution consumption model for business managers is that it becomes easier to move potentially unpredictable capital expenditures (CAPEX) into more stable operational expenditures (OPEX). Likewise, it is easier with the consumption model to purchase only what you need and gracefully expand later.
This is known as elasticity. The traditional DIY approach to purchasing and operating your own IT infrastructure requires upfront investments in physical customer premises hardware. It also requires technical expertise to maintain the WAN infrastructure.
By moving to a managed services model, you have the opportunity to reduce upfront costs and potentially lower requirements for in-house expert-level technical staffing. Regarding the initial deployment of SD WAN services, frequently the most expensive and time-consuming portion involves replacing legacy WAN solution routing equipment at each location with new devices that support the SD WAN platform.
Some recent network services equipment may become SD WAN enabled with software upgrades, as is the case with Cisco Meraki MX appliances and more recent Cisco ISR/ASR routers capable of running Cisco IOS-XE code. But if your existing equipment is more than five years old, it will most probably need replacing to support SD WAN. With the DIY approach, this can represent a very large expense in both hard and soft costs for the business.
With a managed services provider, the SD WAN hardware may be included as part of your monthly spend rather than requiring the large initial investment. When you subscribe to services from public cloud providers such as Amazon AWS , Microsoft Azure , and Google GCP , the elastic consumption model allows you to easily purchase more resource capacity as it becomes necessary.
Similarly, the SD WAN managed services approach lets you easily upgrade your SD WAN capabilities when the necessity arises. A common example is when experiencing rapid growth within your business.
When you run out of processing capacity in your WAN, you will need to acquire larger routers, which is another CAPEX purchase when using the DIY model. With the managed services approach, you can acquire the larger routers or SD WAN appliances and simply have your contract adjusted accordingly while only incurring the incrementally lesser OPEX costs instead.
Is the SD WAN market predominately a DIY approach?
Larger organisations frequently have teams dedicated to managing the underlay networking infrastructure.
This is because the design, configuration and ongoing operations and maintenance often require expert-level knowledge. Some businesses outsource the knowledge needed for initial design and configuration of complex infrastructures and then perform ongoing operations with in-house talent. SD WAN is frequently marketed toward a DIY approach because once the initial design and configurations have been performed, ongoing operations become radically simplified when compared to the traditional text command-line interface (CLI) model.
This is because all SD WAN products are designed with a simplified cloud services style web-based interface that makes it easy to maintain the system. The web-based graphical user interface (GUI) model usually has configuration defaults and best practices already defined. Likewise, many of the more advanced implementation details (affectionately known as “nerd knobs”) are hidden away.
When an SD WAN platform is acquired using the managed services approach, the MSP takes care of the design and configuration. Depending on the expertise level of your in-house staff, this aspect alone may make using an MSP worth it as your company begins to take advantage of what SD WAN can do for you.
Most SD WAN platforms additionally offer the best of both worlds where the MSP can still perform the initial design and setup, but let the customer participate in ongoing operations.
This includes both monitoring and management in the form of making business policy changes without requiring involvement from the MSP. For example, your business may deploy a new company-wide application and decide to provide preferential treatment to the network traffic generated by the new software. With the hybrid managed SD WAN model, you could be granted the ability to make those kinds of changes without waiting for the MSP to do them for you.
Another common example with a managed services deployment is having an enterprise account with read-only access into the platform. This is useful for performing your own monitoring via cloud-based services and associated portal gateways. Your company’s help desk or network operations centre (NOC) can keep an eye on the overall state of the WAN and contact individual locations when issues arise.
Having this view into the system is also useful for trend analysis, such as physical links that consistently exhibit poor performance or deciding when it is time to upgrade the bandwidth of a particular connection. SD WAN makes these kinds of operations easy whether using the MSP or DIY approach.
What are the risks with a DIY approach?
Note: Picture shown displays the Netify market network, create a shortlist based on managed services.
Choosing to deploy and manage a Software Defined environment yourself is certainly possible, and many organisations have done so.
However, as with all things, there are certain risks and trade-offs that must be considered before jumping down this path. Most of these considerations are based on the size of your business and the expertise level of your staff.
With the traditional wires only approach, your business purchases the SD WAN platform and the underlying physical connections independently. Smaller organisations may have an easier time with this type of deployment because there are fewer circuits to manage and the overall network design will most likely be simpler as well.
When your company grows in size, different network designs and operations must be considered as the overall environment grows accordingly in complexity. Different network-level optimisations must be made to keep performance high and to keep costs down. These network designs frequently require staff with expert-level skills.
SD WAN attempts to simplify some of these operations through the use of GUI cloud applications and by implementing safe defaults, but networking staff with the requisite skills will understand the ramifications of performing the different available optimisations to give your users a better overall experience and increase your total value of the SD WAN deployment.
Expert-level staffing is included with the managed services deployment. When you attempt the DIY model, without having appropriately skilled staff in place, you potentially open yourself up to additional vulnerabilities such as security risks and potential downtime due to poor network designs across branch locations.
Staff with lower skill levels may not even be aware of the various risks associated with making decisions across security policies associated with SD WAN deployments which could leave your business open to outside attackers.
A poor network design may not have the required redundancy levels to keep your network operating smoothly when outages or misconfigurations occur.
On the opposite side of the spectrum, you may have very skilled networking staff, but the size of your business makes a DIY approach cost prohibitive. For example, if your company has hundreds or thousands of locations that all require equipment upgrades to take advantage of SD WAN, the upfront cost of replacing the equipment may be less palatable to you than with the managed services approach where the SD WAN edge devices are typically included as part of the service. Another risk of the DIY approach is that some SD WAN platforms are offered only to service providers and are unavailable to the general public.
This is becoming less of a consideration, though, as SD WAN platforms continue to mature with new features and more stable code. Chances are relatively slim that a platform offered only to service providers will have features unavailable with other vendors that do support a DIY deployment. But, with an MSP, you won’t have to give this any consideration at all.
What kinds of device and service consolidations are available with SD WAN?
The managed services approach to SD WAN has additional benefits with the option of device and service consolidation.
For instance, most SD WAN vendors offer appliances with “branch in a box” functionality where multiple discrete devices are replaced with a single appliance that contains the required features.
A typical legacy branch deployment may have a separate router, switch, wireless access point, and potentially a firewall. Depending on your needs and the size of the location, each of these devices can be replaced with a single SD WAN device that covers all of the features and presents a single point of management.
A lot of companies have centralised or regionalised Internet backhaul where all traffic to and from the general Internet passes through a main firewall cluster. Most SD WAN platforms have integrated firewalls that allow for localised Internet breakout where you still have site-to-site VPN traffic, but traffic destined to and from the Internet can be kept local to the branch based on policy.
A common scenario is to have trusted whitelisted Internet sites use the local Internet connection, while all other Internet-bound traffic continues to traverse the central firewall for deeper inspection. While localised Internet breakout can be done with the DIY approach, a distinct advantage of the managed services approach is that the MSP can offer their own centralised firewall along with other public and private network services, such as private interconnections with major public cloud vendors.
The MSP can offer regionalised gateways into these services which saves you money and increases the performance of your managed SD WAN environment.
How to ensure the connectivity underlay is included within the managed wrap?
One of the advantages of SD WAN vs MPLS deployments is the ability to select from whichever ISP is a good fit vs your branch offices. What is the cost of managed SD WAN?
Most considerations in business ultimately come down to cost. Organisations continue to seek new ways to predict and stabilise ongoing expenses. The DIY approach can work for businesses of all sizes, and so can managed services. However, managed services may be a better fit for all but the smallest and very largest companies.
A very small company might not see an appreciable difference in what an MSP can offer because they are generally going to have smaller requirements including a simpler network design that is usually not too complicated.
On the other side, the very largest organisations might not see a lot of benefit from an MSP because chances are they already have a sufficient number of expert-level staff along with established vendor relationships. For just about everyone else, the managed services approach can represent cost savings through both CAPEX and OPEX as the SD WAN equipment is typically included as part of the service and often updated on a schedule.
Likewise, the MSP will have a staff of engineers who can take your business requirements and create an appropriate network design for you. The trade-off is that architectural level changes need to be worked out with the MSP which can take longer than the DIY approach, but with the MSP approach, you save by not necessarily needing to keep experts on staff.
Finally, there is the cost of acquiring and managing the circuits themselves. For larger companies with hundreds or thousands of sites, managing this many global SD WAN circuits is at least a full-time job unto itself.
You save money and aggravation by offloading this management task to the MSP. Some MSPs even have agreements with various carriers that lower overall costs, which can then be passed on to you as the ultimate customer.
A common example is an MSP’s ability to create a single pool of data across all of your individual 4G/5G connections, which can be a substantial saving across many locations.